[HOSTEDCP-1041] Defaulting webhook for self managed HCP #2864
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: davidvossel The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
area/hypershift-operator
|
Needs a |
| @@ -1659,7 +1659,7 @@ type ManagedEtcdStorageSpec struct { | |||
| // | |||
| // +optional | |||
| // +immutable | |||
| RestoreSnapshotURL []string `json:"restoreSnapshotURL"` | |||
There was a problem hiding this comment.
Why this change? Seems unrelated.
There was a problem hiding this comment.
i know... I thought so too. but it actually matters in a kind of dumb way (that I only half understand)
The issue is with how the decoding/encoding of the object works in the webhook. If we don't add omitempty here, then the decode/encode logic results in the mutation webhook trying to patch RestoreSnapshotURL to Null, then we get an API error during the validation phase about trying to set a []string to a Null value... or something along those lines.
| @@ -440,7 +432,11 @@ func CreateCluster(ctx context.Context, opts *CreateOptions, platformSpecificApp | |||
| func defaultNetworkType(ctx context.Context, opts *CreateOptions, releaseProvider releaseinfo.Provider, readFile func(string) ([]byte, error)) error { | |||
| if opts.NetworkType != "" { | |||
| return nil | |||
| } else if opts.ReleaseImage == "" { | |||
There was a problem hiding this comment.
I think this change is causing the unit test failure of TestDefaultNetworkType in github.com/openshift/hypershift/cmd/cluster/core
support/supportedversion/version.go
Outdated
| return "", err | ||
| } | ||
| return version.PullSpec, nil | ||
|
|
|
|
||
| if np.Spec.Release.Image != "" { | ||
| return nil | ||
| } else if np.Spec.ClusterName == "" { |
There was a problem hiding this comment.
Why is the defaulter throwing this validation error? the .ClusterName is already required and immutable
There was a problem hiding this comment.
Two reasons
-
I don't think ClusterName required to be a non empty string. I believe it is only required to be immutable. this is the validation rule for cluster name
+kubebuilder:validation:XValidation:rule="self == oldSelf", message="ClusterName is immutable" -
The mutation webhook runs before the validation, which is why we can default the empty release image even though it is required to not be empty via this validation rule
+kubebuilder:validation:Pattern=^(\w+\S+)$
So, i'm kind of in a weird spot with the cluster name here.
There was a problem hiding this comment.
I don't think ClusterName required to be a non empty string
Yeh it is, every API field is required unless marked as optional via kubebuilder marker or a pointer with omitempty tag. So I think we can drop this check completely unless you prove me wrong, in which case that's a bug and we should fix the field to be a required non empty string at the API level and address separately from the release defaulting.
There was a problem hiding this comment.
you're right though this ensures presence but it would accept an explicitly set zero value for the string, and as you mentioned if we enforced != "" validation at the crd schema it would run after this, so I'm fine either way.
| } | ||
|
|
||
| func LookupLatestSupportedRelease(ctx context.Context) (string, error) { | ||
| prefix := "https://multi.ocp.releases.ci.openshift.org/api/v1/releasestream/4-stable-multi/latest" |
There was a problem hiding this comment.
Did we make a decision of defaulting to multiarch? This has an impact particularly for disconnected environments https://issues.redhat.com/browse/MIXEDARCH-292 / https://issues.redhat.com/browse/MIXEDARCH-255
At minimum I think we should document and communicate this clearly in docs?
There was a problem hiding this comment.
The cli defaulted to multi, so i brought that over to the webhook.
hypershift/cmd/version/version.go
Line 22 in 1fc3c32
If someone is using disconnected, I doubt they'd be using the release image defaulting.
| PullSpec string `json:"pullSpec"` | ||
| DownloadURL string `json:"downloadURL"` | ||
| } | ||
|
|
There was a problem hiding this comment.
would you mind document this func? e.g // LookupLatestSupportedRelease picks the latest multi-arch image supported by this Hypershift Operator...
|
it'd be nice to exercise this in the kubevirt job |
davidvossel
force-pushed
the
defaulting-webhook-v1
branch
from
d830c81
to
7677e88
Compare
yep, I think it will take a few steps for us to get to that point though. We'll need to enable the webhook during install (which involves messing with openshift/release ci code), then we can add a e2e test case that ensures the HC/NP defaults the release image during creation when kubevirt platform is in use. |
|
|
||
| err := defaulter.client.Get(ctx, client.ObjectKeyFromObject(hc), hc) | ||
| if err != nil { | ||
| return fmt.Errorf("Error retrieving HostedCluster named [%s], %v", np.Spec.ClusterName, err) |
There was a problem hiding this comment.
Cap letter here makes verify fail.
There was a problem hiding this comment.
oops, thanks, fixed
Signed-off-by: David Vossel <davidvossel@gmail.com>
davidvossel
force-pushed
the
defaulting-webhook-v1
branch
from
7677e88
to
d3e9893
Compare
✅ Deploy Preview for hypershift-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
/retest-required |
|
@davidvossel: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm |
|
/retest-required |
|
/override "Pipelines as Code CI" |
|
@davidvossel: Overrode contexts on behalf of davidvossel: Pipelines as Code CI In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Previously, the hostedCluster.Spec.Release.Image was required and the hcp or hypershift cli defaulted that value client side. This posed several issues though.
The new logic performs defaulting the release image on the backend using an optional mutating webhook. The logic takes into account the latest/min supported versions and picks the most recent version that falls within those constraints.
A webhook was chosen over performing defaults in the controller's reconcile loop due to the following reasons.